8.6
CVE-2024-47076
- EPSS 71.13%
- Veröffentlicht 26.09.2024 22:15:04
- Zuletzt bearbeitet 03.11.2025 23:16:12
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginCUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openprinting ≫ Libcupsfilters Version <= 2.0.0
Openprinting ≫ Libcupsfilters Version2.1 Updatebeta1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 71.13% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
| security-advisories@github.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.